Reason:
Dynamic modules support has been enabled for the following third-party
modules, in case of usage of these modules please update nginx
configuration file for load these modules:
load_module "modules/ngx_dynamic_upstream_module.so";
load_module "modules/ngx_http_small_light_module.so";

2016-02-14

Affects: users of www/nginx-devel

Author: osa@FreeBSD.org

Reason:
Dynamic modules support has been enabled for the following third-party
modules, in case of usage of these modules please update nginx
configuration file for load these modules:
load_module "modules/ngx_http_echo_module.so";
load_module "modules/ngx_http_headers_more_filter_module.so";
load_module "modules/ngx_http_eval_module.so";
load_module "modules/ngx_http_lua_module.so";
load_module "modules/ngx_http_set_misc_module.so";

- www/nginx-devel: Update from 1.13.4 to 1.13.5
- Changelog:
*) Feature: the $ssl_client_escaped_cert variable.
*) Bugfix: the "ssl_session_ticket_key" directive and the "include"
parameter of the "geo" directive did not work on Windows.
*) Bugfix: incorrect response length was returned on 32-bit platforms
when requesting more than 4 gigabytes with multiple ranges.
*) Bugfix: the "expires modified" directive and processing of the
"If-Range" request header line did not use the response last
modification time if proxying without caching was used.
Approved by: osa (maintainer)
Approved by: tz (mentor)
Differential Revision: https://reviews.freebsd.org/D12247

- www/nginx-devel: Update from 1.13.3 to 1.13.4
- pet Portlint
- Changelog:
*) Feature: the ngx_http_mirror_module.
*) Bugfix: client connections might be dropped during configuration
testing when using the "reuseport" parameter of the "listen"
directive on Linux.
*) Bugfix: request body might not be available in subrequests if it was
saved to a file and proxying was used.
*) Bugfix: cleaning cache based on the "max_size" parameter did not work
on Windows.
*) Bugfix: any shared memory allocation required 4096 bytes on Windows.
*) Bugfix: nginx worker might be terminated abnormally when using the
"zone" directive inside the "upstream" block on Windows.
Approved by: osa (maintainer)
Approved by: miwi (mentor)
MFH: 2017Q3
Differential Revision: https://reviews.freebsd.org/D11951

Upgrade from 1.13.1 to 1.13.2.
<ChangeLog>
*) Change: nginx now returns 200 instead of 416 when a range starting
with 0 is requested from an empty file.
*) Feature: the "add_trailer" directive.
Thanks to Piotr Sikora.
*) Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had
appeared in 1.13.0.
*) Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
Thanks to Orgad Shaneh.
*) Bugfix: a segmentation fault might occur in a worker process when
using SSI with many includes and proxy_pass with variables.
*) Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
</ChangeLog>

Upgrade from 1.13.0 to 1.13.1.
<ChangeLog>
*) Feature: now a hostname can be used as the "set_real_ip_from"
directive parameter.
*) Feature: vim syntax highlighting scripts improvements.
*) Feature: the "worker_cpu_affinity" directive now works on DragonFly
BSD.
Thanks to Sepherosa Ziehau.
*) Bugfix: SSL renegotiation on backend connections did not work when
using OpenSSL before 1.1.0.

A customer has reported about an issue when unable to load a dynamic
module because of wrong order of those modules in the default confi-
guration file, so remove the auto generation of the load modules list.
Bump PORTREVISION.

Upgrade from 1.12.0 to latest "mainline" 1.13.0.
<ChangeLog>
*) Change: SSL renegotiation is now allowed on backend connections.
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
*) Feature: the "return" and "error_page" directives can now be used to
return 308 redirections.
Thanks to Simon Leblanc.
*) Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.
*) Feature: when logging signals nginx now logs PID of the process which
sent the signal.
*) Bugfix: in memory allocation error handling.
*) Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could differ
from the original datagram destination address.
</ChangeLog>

Upgrade from 1.11.9 to 1.11.10.
<ChangeLog>
*) Change: cache header format has been changed, previously cached
responses will be invalidated.
*) Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
*) Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
*) Feature: nginx is now able to cache responses with the "Vary" header

- Remove inclusion of bsd.default-versions.mk from ftp/curl/Makefile so
bsd.default-versions.mk can rely on ARCH being defined.
- In bsd.port.mk move inclusion of bsd.default-versions.mk from the
pre-makefile section to the options section so the variables can be used
earlier. Also put the bit of code sitting between the options section and
the pre-makefile section into the options section.
- Remove last few cases where ports set WITH_OPENSSL_PORT. This variable is
handled in bsd.default-versions.mk and some ports were setting it after
including bsd.port.options.mk. After FreeBSD 9 EoL all but a few ports,
and then only when setting non-default options, work without setting that
variable.
PR: 215996
Exp-run by: antoine
Approved by: portmgr (antoine)

Upgrade from 1.11.8 to 1.11.9.
<ChangeLog>
*) Bugfix: nginx might hog CPU when using the stream module; the bug had
appeared in 1.11.5.
*) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted
even if it was not enabled in the configuration.
*) Bugfix: a segmentation fault might occur in a worker process if the
"ssl_verify_client" directive of the stream module was used.
*) Bugfix: the "ssl_verify_client" directive of the stream module might
not work.

Upgrade from 1.11.6 to 1.11.7.
Upgrade njs module from 8c01042 to f8c642a.
<ChangeLog>
*) Change: now in case of a client certificate verification error the
$ssl_client_verify variable contains a string with the failure
reason, for example, "FAILED:certificate has expired".
*) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain variables.
*) Feature: the "volatile" parameter of the "map" directive.
*) Bugfix: dependencies specified for a module were ignored while

Don't quote {} in find -exec calls.
Braces are not shell metacharacters, and they do not need to be quoted.
By the time find parses its arguments and dicovers them, the quoting
will have been removed by the shell anyway.
Sponsored by: Absolight

Upgrade from 1.11.5 to 1.11.6.
Mark following third-party modules with IGNORE, a patches require from
upstreams:
o) http_upstream_fair;
o) drizzle;
o) memc;
o) postgres;
o) redis2.
<ChangeLog>
*) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables
has been changed to follow RFC 2253 (RFC 4514); values in the old
format are available in the $ssl_client_s_dn_legacy and
$ssl_client_i_dn_legacy variables.

Upgrade from 1.11.4 to 1.11.5.
Upgrade third-party njs module to its latest version ee84984.
<ChangeLog>
*) Change: the --with-ipv6 configure option was removed, now IPv6
support is configured automatically.
*) Change: now if there are no available servers in an upstream, nginx
will not reset number of failures of all servers as it previously
did, but will wait for fail_timeout to expire.
*) Feature: the ngx_stream_ssl_preread_module.
*) Feature: the "server" directive in the "upstream" context supports

GOOGLE_CODE has gone away.
- If a port has another upstream, remove GOOGLE_CODE
- If a port only has GOOGLE_CODE mark it BROKEN
Some ports have a local mirror configured but for security reasons, it
is not considered upstream.
Sponsored by: Absolight

Upgrade third-party modules:
o) arrayvar from 0.03 to 0.05;
o) devel_kit from 0.2.19 to 0.3.0;
o) echo from 4f7aa50 to 46334b3;
o) encryptsession from 0.03 to 0.05;
o) forminput from 0.07 to 0.12;
o) iconv from 0.10 to 0.14;
o) lua from 0.10.5 to 0.10.6rc1;
o) set_misc from 6582fb4 to f808ef4;
o) sflow from 0.9.7 to 543c72a;
o) small_light from 0.6.15 to 0.8.0;
o) xss from 0.04 to 0.05.
Do not bump PORTREVISION.

Upgrade from 1.11.2 to 1.11.3.
<ChangeLog>
*) Change: now the "accept_mutex" directive is turned off by default.
*) Feature: now nginx uses EPOLLEXCLUSIVE on Linux.
*) Feature: the ngx_stream_geo_module.
*) Feature: the ngx_stream_geoip_module.
*) Feature: the ngx_stream_split_clients_module.
*) Feature: variables support in the "proxy_pass" and "proxy_ssl_name"
directives in the stream module.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: in configure tests.
Thanks to Piotr Sikora.
</ChangeLog>

Upgrade third-party tarantool module from 3599ba0 to b852195.
The size of the distro has been decreased dramatically because an rpm
directory with nginx-1.8.0.tar.gz tarball inside has been removed.
PR: 210349

Upgrade from 1.9.14 to 1.9.15.
<ChangeLog>
*) Bugfix: "recv() failed" errors might occur when using HHVM as a
FastCGI server.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives a timeout or a "client violated flow control" error might
occur while reading client request body; the bug had appeared in
1.9.14.
*) Workaround: a response might not be shown by some browsers if HTTP/2
was used and client request body was not fully read; the bug had
appeared in 1.9.14.
*) Bugfix: connections might hang when using the "aio threads"
directive.
Thanks to Mindaugas Rasiukevicius.
</ChangeLog>